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۲ ا 
R‏ یں AY Pe WR‏ 
واو را ی ا د گے ا کک ن و ےل E‏ سوہ پر 
و سی CARE AS TEEN‏ سی یی مرو پل میں یت تی os Pee‏ 
PRAT TOA EA ARE‏ لک IA‏ وم ا کی ار eee tata net‏ یراک 
u‏ هي A ll PSA E‏ ا ار ام 022 A E AN Pere Pere Conny‏ ا o EAT‏ 
LTE PERF A IAN T‏ را ا و وف وو رین ا Ee‏ کک مد او A aaa AA‏ 
چٹ حا ور arm‏ ا لا O ar" qe Ye pa‏ و RA MUA TOOL PRE AAA A A PU E Zn ELL‏ 
ہ AEREA A ra F 1 IA o TA uk‏ کی AR A PRO pp‏ رت یسرم و سیپ سی یش بس 
E TS E G P; - a 7 us TIA‏ کم P ETTET PP ROT PERN A ARA TA an AIR‏ کا ا ا cd FOTN YT gr R‏ 
s% Me > Py A z‏ ہے ar o Re‏ ا Cary CT‏ وت ا a BT ane see‏ ا ا PO il A‏ ا ا ما یا ا سی دی بب از 
ا ا a‏ اا کا ۰ ye ¢ ad‏ برای PE E‏ ہے ا ا AS‏ اک HE ar‏ سم پا کا ا OT‏ ا EL een‏ ا نی ا Para TE nd A erp E ria‏ 
rye ed w FP " = mt o a ETA a ARA AAN‏ وا A nl tiv ye eno ad RT po E K A‏ یکا رر OT TT geh Pa pt A‏ ا ام E IO‏ 
A SI A TR a cells An? °" My ® ES a FAA TEE o‏ جلاا AAA AS O‏ پا ETT EO Cs TID de A‏ حا ا ETE a da r‏ رک AS a O IRA ra PESE‏ 
T‏ یٗجی۔ وو ی۔۔۔ ب۱ ۲۰79 CTET . oy OI 4 + . Un A ES arr NP AA an Air UI dt PTE‏ بم ي Fg‏ ےی PA PE eer a ri‏ ۴ا رم ا NEED EEE AA DR EAN‏ 
سس لو جس در بی اس سی سر ا ا کا AT‏ ہم EA ٠۰‏ دہ ت ee ar oe 2 AAA‏ اہ ا بی یھ یی رہ ے .۱ Wa RN OE ETE TR EA TE pet "n fji O A‏ رک TE PET‏ بے بی مر گا و pea re ES‏ را 
وچ یویند و اا ا ا PA ra‏ م a LN N‏ مھ ہدجوا رمیہ و چا are ta" BETT TI‏ ہجو DL‏ زین ‘se‏ 2 ےب " y O mo“‏ رنیم ر0 00م O‏ + بر رو پر ے rail AR AS‏ وہس AA ee ts Pe‏ ا ام EEE ch‏ پیم PA‏ 
ar‏ می رسس مم سی درم بت می یکر دی مم میں A AA AA‏ ہج ٢‏ پر وت موس WW #۶ I a a e E a a 7 Y? BLUE En ce = ym er ee” wa RAN en‘‏ موا e KET ET‏ ہوم gin LE PO EID Ke FC VRS ad RTDs DS al A ETT‏ لے تس رس A A‏ ارہ و ارم رت کہ یچس dd‏ میں بی 
Di a AA rer‏ مرو یں بے سیک وین u edhe AN AA rn‏ شسہ e LAA‏ :ا مام بی کا 0 her ¿apo ll g NE RA‏ سا ا ا pt SP Er‏ ہس rer Te PR AP BE LY) Peet A IV ayaa Pa‏ یل ہیں س اھ کل A A PA‏ 
en eer rl‏ ری کے جا سریپ وکیا یرس ہن A O eo A E‏ ےت A‏ وب ےتا ہی => ہے ER A rn T nn‘‏ ا a RAT‏ ا پا e o O‏ بیو ا ا مت سو و کو REA‏ 
On‏ بح پک تی ری AS A ore w wy SS A‏ ار رف SAA‏ مہ ۱۷ں :رو لی ۵ید A MES E 2 2 E ad a nm » A A N nn‏ اه هيم bt A JO Mar A Pra eet AAA LE aye aes St‏ ام دی P ad ee A A PA Po‏ کک la rs dee Ar E‏ ار جو سی ا cae‏ 
PAN A A ee‏ امج .& A ANAS‏ سے یں a‏ بھی اوا“ mt 4 we E T‏ بھ OS) PA AS Zu a. mo‏ ہے 2 el et ES = P te r mh Br‏ د دی ٠م‏ ي w‏ رٹ ٭ ری ہو( | Pd AA ie AA ARA A E e‏ ہی OR alias‏ ا € Io‏ سس سم کید سا اس ساس می ےا 
د وه PET Ti‏ کی کا ell TOT TT i a‏ کے ا ار مھ ضا نون ۳9ےے چہہے u FE SV Ze al N‏ ری بے We‏ وھد کے دن ٤‏ چا یس RA‏ برک ۴ے ےس رر یہو وت € E‏ کو e INR NU A A‏ ا AA A oan N Per‏ و Der AA A A e‏ 
مھ «aye A ed nt ER er See ae‏ ہے یر is A oa TD un a? As AA 7 A‏ ۷ا دي 7۲٤۶‏ نر ووری۔ تل ۴ رو 6 Moit y om nae‏ وا PA A En Li PRA AS a A iiid pp AR ld A o ED EA PA aie A‏ اوی as AR A‏ 
جا +سممیم Dy my. E aie‏ چیا ve nu O ٠٥٠ A ARA A‏ ا ۷٣ ETS DL‏ رگید ١ ESA‏ د »- ENTE Ce Ea uns‏ ابی ےج MDS a ayh o'ar rr Te a‏ سم PETE Ya‏ میم لے it‏ ہی کو مہ می ےم را ھت نر ۴۳ Eee‏ 
AA PR A O o >۰ ara 7 dd A o dl A q‏ یر A S‏ ا ار نو س۵ ew o‏ تج AP a mn u w 2” ne run " v PORNO Dee de‏ ےو d gg PEA PRA‏ رت مم مد RR DE‏ ا ا ا we i‏ اس DATO beta‏ 
œŒ PA AP E a2 POP A an ww.“ EEE E ia De AA AE er il Peer AD red ELITE er‏ = د anal‏ رد کی و رب ری ہہ یں y O a ee EL‏ شاا + ایی یں و AS did‏ ھا BE eb Ia A‏ یت جک سس سی بے سے 
E ED A a Dd en A u TT‏ یتیج کت t = ap de yen CES: T | unta yw re‏ میں 7 “ کی صر a lind Pr WER‏ رت سیر لا ۰۴ یں یج ot yw‏ ا ا ا GARA A EEE TR tg Süd ELÎ nor" ig te FPA at‏ دی A A A ai‏ 
Re cake r AAA PU ree +p 4 et ee DTS‏ ات ag we Tn se nee PE 9° a‏ ي و لم .> E AFA 1 n ATAR an Bd O‏ ییا Bad a"‏ کک ارون کے SS‏ کر موي e gar eee ee Td Peery errr Td‏ 
T‏ سم a‏ نے ےی سم سیت مہ دس وھ سس مو ہب سے ca YET Le or Car‏ میک eV La ? AI‏ گی ر APRA A ANA Be O a ated A A‏ مس DT A‏ کا ا متاح ےم e PIL Pr Ferse 5 AAA ua Dean RR AS AA il‏ بس ود سے تی 
ee nam‏ ات dad A‏ ووہنجھر رہ A un. ATA ar ٠‏ بم یکی پر ee OF un‏ و کر سم a - e C | ga ve CS‏ سی مر cor TE? po ur‘ none Ae”‏ رت id A‏ و € mT et Fe SEITE ta ene EME Pad AAA if - yrs PA aban Ff 0 PN TE‏ ا ا سر سب لی 
ana taama.‏ پا ا A‏ ا a A a an kab E, heady EL ae en AA ay PS‏ . : بجر کے رر وی بک ہپ AA‏ ای iy fie ARS A A e A AS T e a AO a aad Re d‏ 9 کر ا رک ین E‏ مت سے مسوم سس حر 
8" ہے مہ rn yet ® uri Y PR DA a are‏ وت W BPs . m" A A FA A  .* PL PR‏ ہے الو one A‏ د کر ول برا PP ET I ZN PA E‏ وا ET‏ ناک ا PA T‏ ام E LO DET rn e IRFAN Lt PA‏ پا ا A‏ و 
یچ : un‏ ہے NOU MIT MULAN: PISA A IN a POTT‏ اس Ui ee EA‏ ا ا ا ا سرد ریت e. a‏ ند So mna E‏ یی رر رہ ٠٣‏ ہق ہو یر کی ٩‏ کي a rr E UA de MD PR Bere PT PP u eee je «ANP ee" at‏ نا ا کر y a‏ رس رت سے سح مع اس می تر ہی 
A A A dde A A UN S‏ اہم رہہ ے۵ DE had AE aid‏ ہے کا ات اسر نکر naa‏ مم ا وید یی ہی ہے "7 . = : پر e a A‏ پآ ء؛ رہ s te AA ae PO PA AA‏ ا اک ار رو اسب دیس NO Taree part‏ مس eae‏ سے و ارعش ow‏ 
er‏ سرد مرج ےچ ہام ٭ھ_ھ ہ رھج nr u Br OT FE hdd WAR ante‏ عیب ےا کا wre N oa art rn ed. fa EL, PARANA‏ رن جات ` nī PERNO E wa”‏ . رو r‏ رر ل وو ےا JPA WIN. ee Te" 01-1000071 POF‏ که pre a EA daa e nen Fe OS Math font”‏ ا ا pa aia AA a A‏ کک ےو ید 
ee‏ لے مس r A ee ry‏ ےا ا مر چا ا رن E a‏ ۵۔۹ PAS A‏ ا بے کک AA AA add “e g ee‏ ا سر ا ا ا مب رر جج - nee 8 ae‏ سے A n aa vs #" PA‏ ت د ی ررم AS PP ٣۴ ru! Tamy” AA TT E LER‏ ار gcse af ^ ee al bl‏ ھی A E‏ 
ےو و ر ANO A E e RN rar‏ ہے ای YT a AVE e se AA‏ ہر PRAT N ۰ ur at PAT E A‏ بھی٥‏ سص ےم # . d‏ ماف RN PP? | TEL. TD EE Poy‏ 0ت۶ ARAS APA RS A aed‏ پک ا PR‏ اہب رر PS Ad PA‏ لہ مہہ مس مت کت وا 
ما ا al 2s). © FE ad N ATI a a A A‏ ا ET‏ ے۶ ےا UV‏ لزا نیٹ + Kere‏ رس ed 5 ein P‏ سی A‏ ا t mo . PA‏ 4 چا APA‏ 7 ا E‏ نس م Leaded‏ ا ا 1000۳ di‏ اس ا ہیں ےت ویک ا 
a a A ad a 0‏ بک یں A‏ 7 ؟ ج۴ JARAMA TA o "1. eet Pe‏ ےہ وی w AA A ms? 1 qm be E Ba‏ ® ”اہ A 7۴ per PEPEE ZT pas PP A A a des A A‏ بی eno er 00 SA E‏ کاپ ا ا یر ا ا یی ا سو پش ہے 
the PUR TS le‏ = وی ا سو یف r P a e PE EST hal PAS ae‏ یو ود 14 Pare ee ER Pre 5 marth iep‏ سے E © ary Oe PA ES a‏ ×ےە وا OTD . " la Y A‏ ہت ١ PA A‏ یر ٢‏ یم ae "art‏ ضط AR RT re EN ee ec PR A an A a tan PR Pr Fra Sen‏ 
TN Sa eee Ea‏ پت PAR A a‏ کے وا T MA E‏ ام AN ted AA a‏ و wt hem vA vi Oy an A‏ پروی کش aa Pe yn‏ یب اوس مہ d‏ ٭ہے سے AR N hot ee et e‏ عحبد یو rt PARIS A sas MAF AA A PS PAR Sd PT aida PART A Py ol‏ ااا RA‏ ی 
ae Rie a Doe we PO A A 8‏ ا Ji E ¥ A AS A a PR A yı aa oy BRP‏ ہیر کا , اق زیڈ ج wuuess‏ ېړ بو AI‏ ۶ ید ئن 7 prey eS tea u e‏ ا PT‏ کے ام De‏ ای and e A‏ ےہ یی anne, EA ada ant‏ تی ری al‏ سی سے نوس تا 
a‏ و وک چ کے ہے ےا کا PU de AR ns PO‏ ہوم APRA ee‏ , سیت نہ کہ کم ا E O a Pl‏ > سے رج يه PE SA AA AS SA E O a ART cl A ee AS ws ۰ ATRE d O‏ د د لیو PT alien DE a a AA rn‏ یر رر اکا ا 
A AS E een PU AA‏ لہ mar‏ ای کا ا و یا ور بیس فی A de Rp ta MAA‏ سی de a A‏ + ور m." y ES e‏ ۾ ميرو و EE‏ “ل ۴“ 9 ا ما ا A A al A E e N O AS PR TDs Co‏ ید A‏ و یا ا 
س son? a n E OS A o ee a‏ سنوی ا “r PAE‏ سر ا ا ےا A ae Pr A‏ شس مکی ہی . * e a sommes‏ 2 که o ti A TEJAS PR I Zug BE‏ ا A‏ رق A OS‏ ا A aa O AS ea tia IA‏ وب A ED EEE a AS‏ 
ai A SA aa‏ ر ہہ یسیج ann <o 2A AE A oo e y hy uN PA‏ لی A RA A 0 70 E OS ds IE A tl AS A SE LM "we A id A MA‏ ہے ANNA tn‏ پر ut‏ یی II ES‏ کر کو مم یصو Seen ae‏ 
انوا un ES ende dl AA‏ > ار سے nr RT a! ET‏ ںی ینہ or A UT O ed Fee‏ ۶ه Aalen nt‏ لک a‏ ا 4 ت er Pe‏ ا ا > سی ا ا ۶ لات کر ردت م سی مار کی A nt RM TE‏ دہ ہو سب سای ہو ہہ 
A ia‏ یں 6مہ چبصظطصممر ےراہ جب at A‏ ھوابمہپرے O ia‏ میک e SS «e PDO‏ ہےے۔ اہر ee OW NM Pe NY > O a yes‏ ا ا Ker‏ شس بے de a‏ رر PR AS PRA und PTE ahd AA Oa‏ کین ات pie rg a TO‏ 
g g 9 it APRA ARO A AS o‏ ہہ کی o‏ ۔> یں می ہو AO.‏ وم روا کی کر m 2 thy 1 A e PA‏ سوا مر a‏ سے بی ہ۲ etam? N‏ و رٹ weit fee PEPA a‏ ۰۹۰۰۰0 ت کا کار = ae ee Lt SE Zi BT‏ 2 ااا ا 00 t NA ee‏ یلاگ 0 A ie‏ 
er‏ " ہے اہ TR A A NT A da mo qe "e tnapr Y A A n a A R.A © r RT ge ET‏ ھا ا O‏ ا ای A ADA Oe ds e AO E‏ ا Seni ere in e A A E‏ اک me A dl RR‏ سی ا ےک A‏ سیا 
UD apre "put et A A A db a ee ap enero PRES ee por eaters‏ ہے a‏ ہر اک م meters | oN ra . y -r A NA nun to” N as‏ سی e i A E E Aaa 7 PR id A A‏ لر AS PRA A‏ ہے ite‏ ہا سارہ می اپ ا ا ا ا سی ساب بے ہے ہپ رت ru‏ اا و 
ا کر RN A A A ARANA ih‏ ا مو لے ےا ا ا اسر AS ne Pe Sa RE OT‏ ا 2° E a a wt‏ ہے تہ ا fe PA‏ د صد چ A ae A PO ot ed‏ ا a P alate NADIE io ۰ AMIA En A‏ رر oI Se mae eee TO‏ ےد اس سید سا 
A r‏ در Ad be rod An ۰ e... y «vam yl» o.‏ چور ۱ و an,‏ جم a‏ ۷ ہ۹ بی ومہجی۔ were‏ ٦٠ص‏ در نمس ad pags BOM Oe RA ES‏ دا PP dh e. y) 0... ss‏ بی رج e‏ ا ا ر کی ۳ یہ حم مم تیم eE oil APP A A Pr eee! PE ana aad‏ ی RAS ge ne gare RA‏ 
کہ کے BR, nt‏ > یک A‏ وس میں ty YAA. AMM A‏ کے mo” fF" e y dt” were FHM A WA‏ ری rg heehee‏ اکر ا Lon a ee "ae tw ? r” AAA‏ ا کے EA A A EDO a PA E‏ 7پ ERO ee a eee)‏ فا ES A ii A‏ ا ا کے کا ےت de ae pT‏ سار A‏ 
راہ ہروےے Nase u r a0. a E iia‏ جیا ا ی A A A gav‏ کے مرا م0 ہب تی a PO‏ ھ کک ہے PA‏ یر ET RTL‏ ےر تا کا on‏ امہ سے ہی ہی AR A A de AA ES PPR mT Le ond wet!‏ رر ےم روصت دس ہس سو سو و بس A A A‏ 
a‏ ہی ee‏ نی N i A TE zu PP od PER EYE nn ay vans AR q2 a Rn RA‏ ا ”٥سد‏ :ینیمز ۔ بںء Ayten mP ARA aiaia N ne EE aiad pT ila id E AROS PRA NW ad oe od por A‏ وس سس مر ےلج اس مھ سس ہے مہ سو یہد اش لان وی ا ےا ا مق رما دی 
a ua ve! AA OA nn AA PUDO al en‏ 'م وہ ITD aay mlr NS,‏ پچند vw EE IIA PAE tl elo y? PT‏ ت سر w‏ میں رک د .2 PP Zu ms‏ که جومم میں و و من et re aad AN u ee PAP Aid r}‏ ایدو alee ar sr‏ کا da A pa‏ 
nA aun u ET a a EI‏ ۳۳۰ ٠ہ‏ ی0 مر مج POr tre. w7‏ ٭ he oad AAA PEET T er qa‏ اوا جے۔ ۶ے e oe Ww‏ اھر PO den lead A ded athe‏ سر PEE et telnet: shot Pape ora) AS das P arte wu? aye‏ ساو ee es PA near‏ ہہ کیاد ہے A‏ اا ا ا رف سب ا یک تح نک OE‏ 
mo tr PAE A RE: q.” 2. m7 » A ad A AAA ¿o AA‏ و کی PEN mI! Ay Y ns a Pego, Ny PA‏ وی A A - O AO g tn A e pe Er 1 7 200 2 E‏ را ۔ A PA‏ ھا وی“ ORES Tr‏ وس ut mer‏ رن لی PAI‏ 2 سک aoa” O A‏ نی سے اک ا ا ا وی ہے سے سی سیردت 
ee!‏ ای o. ran ta‏ د ڑ٥ a en o | 1 qe tse OF tr e nr = ICRA Dr are ca ٠-6 DR NE Fre PT‏ ہے ا اک پیر nr dal ru i‏ . ا PART ce) gag ae o ae aa we A‏ ےا Tae A E‏ سوا راب لی انس سب سی سس رق PAS nd‏ ا 
ا اہو A A A A‏ ا دب 0% qan a2‏ مر A‏ ا yy A‏ ج۵ کہ DA T SEE AA‏ . ےت و" کشر ہیر u‏ سم N etal ae we te PEC da AA a a A ig‏ ٭ اد مھ Py ee ad PINTA As AA‏ لیو A aided PRA‏ سس سم مر ےم رک ا ا ا یا 
ett ree ey nee -‏ ریہ کے سیت ۹۶ .ھر ہا ور ںی tn Mr del‏ ۳۶ 0۰ رو۶ A SA nee v‏ کس سا RE‏ ا کت ta‏ ا un‏ رق AO‏ وی SAA‏ کت n T ae a‏ ا nag a A AAA A PUMAS suitor pa‏ ا ei‏ 
ہے .ا ی ا و € AA ide ES, oe ial e lo Kad mb A Td rd MA il A Ah: ep rin r A TT oye‏ ا کی یھ un q‏ ہا er PI‏ کا ا PA A AAA A‏ کا A tl A‏ اھ ppa po aieo‏ 
اھ ےر کہ وہہ ھ یکی ہہ رہ ررر ہے ا 1 N it Pl PR‏ ہی A = yal hr APRA sr‏ مک PA‏ یہ ا ws ng Pay A A A 7 wat‏ ھا به وي o Bu "° . ae we wn‏ ور PEA nd and‏ ۶> ے۔ PATT. EYT OT A‏ ب ps hai E e‏ 
ed‏ مع دہ ہے بھرے gear g are T arae‏ بس ی A A‏ کر | r = Pe? ee OTTO A‏ ہک en‏ ویر O‏ ہرےہںے o‏ ہے یر 01-7 ۰ POs ATT IS saw‏ دو nad At Pe Er PET DL dc Fe en e TE Ea‏ لیے PA‏ . 
ےتسس ہیں YAA PA A‏ بر FE e oo ` kaj EA O nr DE a A a dt u U wY T‏ دسر A‏ سیت DT a T se d EA‏ اپ کے EEE VE‏ 
جم MR‏ ہیا Ww e E‏ بے مر ہو اف وم سے LoM ie g n E dl same dm”‏ ہے ید ےو[ لچک ATA‏ ےو امام مم مد ما ا Lin ee pee al‏ او A er!‏ ےر لوان pa E O‏ کے A‏ ا سز Pe On.‏ 
ہے i an + OS A dah PA u ze ann ar e 2 A AS ia avit AN ci nr wr A‏ کم دہ A a a ed hd ee‏ یم وہپے „tw war we pus‏ رر کی “rT Le 7 d‏ وی دے PA A‏ ا ا ف مک 0 
A = PS In > ee I ro‏ می ACA IA e e ut ut‏ وس te FR E Kokia OS EN. A‏ ہم رر سی ا ر نر و .یس ie oa A ES A lees PETEA E S a Aad PA ES‏ ا A E e A N‏ ا 
ےج a PU A hl sm Ae A PU SS ay‏ بی بہت جب A > PA IA E‏ ۰00 ٭ و E A‏ نہد رس رک ات ‪‫ rt AN eed‏ +“ او e AA Er" Pe‏ د Ion. PEI‏ سس حم EV de F A un A O‏ م A AN E ae‏ 
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I. INTRODUCTION 


In this age of constantly expanding computer technology 
there is often a tendency to "go with the flow" just to 
maintain an even par with the new technology. As new 
developments are presented and new machines are constructed, 


it is often difficult to keep a proper perspective as to 


what use these new computers will be put to, and how they 
will be managed. But what happens after the right machine 
is selected and matched to a corresponding "right" job? 


Once the initial deficiencies are identified and corrected, 
and the system is performing as expected, do the systems 
managers amd operators sit back and relax, their jobs 
completed? Not if they are good at their job and concerned 
about the systems they are responsible for. A major problem 
facing them now is that of system security. They must now 
proceed with the security plans which were, hopefully, 
designed during the initial phases of the systems’ 
development. The system must be protected from misuse, 
abuse, sabotage, theft, and a whole plethora of other 
security threats. This important issue is one which faces 
the managers of all types of ADP systems in both the 


civilian world and the military. 


The military aspect of ADP security is one that is 
especially sensitive due to the nature of the military's 
purpose. The military makes use of many different types of 
computer systems which perform functions that range from the 


control of guided missiles to the control of inventory and 


personnel records. Basically, these ADP systems can be 
divided into two separate categories; tactical and 
non-tactical. Each category requires specific types of 


security for system protection. 

The US Navy has not let itself fall behind in the 
business of ADP acquisition and use. It has developed or 
acquired systems to fit its own particular needs in both the 
tactical and non-tactical areas, though the tactical area is 
far ahead of the non-tactical area as evidenced below. This 
is due to the necessity of maintaining a modern and 
effective arsenal. However, the Navy is currently beginning 
to expend more money and effort in the area of non-tactical 
ADP systems. According to LCDR Mark T. Brown, there is a 
"computer gap" in the Navy which is "seen in the increasing 
divergence of capability between its tactical and 
non-tactical computer systems." [Ref. 1] He cites as an 
example of this the emergence of LAMPS III into the fleet, a 
highly technical new tactical system, while at the same time 
the Navy is using a 20 year-old UNIVAC 1500 system, a 


computer-card reading, batch-processing, non-tactical ADP 


system, on large ships for non-tactical applications 
(Ref. 1: p. 44]. Up to this time, the UNIVAC 1500 appeared 
to be the only large-scale non-tactical ADP application in 
the fleet. The SNAP I system (Shipboard Non-tactical ADP 
Program), the first part of a two-part program to modernize 
and expand the non-tactical automatic data processing 
capability of ships, was directed towards the replacement of 
UNIVAC 1500 computer systems aboard large ships [Ref. 2]. 

The second part of the program being introduced into the 
fleet at this time is the SNAP II system. It is currently 
installed (or being installed) in some 90 surface ships, 
with another 360 vessels slated to receive it in the future 
[Ref. 3]. On the deep-draft (large) ships SNAP I will be an 
update to already existing systems, but for the small ships 
SNAP II will be a brand new automated system which will 
replace the outdated manual systems. 

There is a need at this point to differentiate between 
the terms "large ship" and "small ship". A large ship is a 
deep-draft vessel, i.e., aircraft carriers, replenishment 
ships, amphibious ships, etc. Small ships are classified, 
for the purpose of this research, as cruisers, destroyers, 
frigates, mine countermeasures ships, research vessels, and 
salvage ships. It is the large ships which have, in the 
past, been the recipients of the non-tactical ADP systems 


mentioned above. Small ships have been forced to do without 
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any kind of automated system formons tactical ADP 
applications, save a system brought onboard by a resourceful 
crewmember. Size is not the only differentiating factor. 
Most large ships have an extensive command and control 
capability, thus giving them another reason for having the 
first shot at the initial installation of ADP equipment. In 
this thesis, the author will focus on the group of vessels 
classified as "small ships". 

With the advent of SNAP II and other forms of 
non-tactical ADP systems in the fleet, there is an urgent 
need for some form of security program to protect these 
systems. This need is most pronounced in the small ships 
because they are new entries into the arena of automated 
data processing. That, and the fact that the author's 
professional background is in small surface ships, is the 
basis for the area of research that this thesis will 
encompass. Most instructions and directives in the 
Department of the Navy (DON) have, up to this time, focused 
primarily on the shore-based ADP system or the non-tactical 
ADP system on large ships. It is the contention of the 
author that there is a difference between the needs of a 
large ship/shore-based ADP system and the needs of the SNAP 
Il-type system of a small ship in the areas of shipboard ADP 
security organization and shipboard ADP security 


requirements. The author also contends that there is a need 
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for a separate security program which is suitable for small 
ships which excludes all of the extraneous requirements 
pertinent to large sytems. 

In the course of this thesis the author will attempt ge 
answer the following questions. First, is there a need for 
an abbreviated ADP security manual for small ships? If so, 
what level of detail is required, and what items will 
determine that level? Second, for an afloat unit, what sort 
of standard ADP security organization is required? Who 
should perform what functions, and why? Finally, how can 
these areas be addressed so that they can be of use to, and 
be made available to the fleet? 

In order to arrive at the point where these questions 
can be answered, it is necessary to gain a basic 
understanding of ADP security. The author will begin with a 


basic overview of ADP security including its' 


theory, 
application to the public sector and Department of Defense 
(DOD) in general, and those requirements for security which 
are imposed by the Federal government and specifically the 
DOD. After an understanding of the basic tenets of ADP 
security has been established, the author will present an 
overview of current DON ADP security requirements and 
regulations, concentrating on directives, instructions and 


technology presently in effect. Once the foundations of ADP 


security requirements currently in effect have been 


12 


presented, the author will present the unique requirements 
for ADP security on small ships, followed by a discussion of 
what type of security organization fits them best. Finally, 


conclusions and recommendations will be offered. 


4:3 


Il. OVERVIEW OF ADP SECURITY 


A. DEFINITIONS 

In order to better understand the ADP security problems 
facing a small ship it is necessary to first delineate 
exactly what ADP security is, what it entails, what forms of 
ADP security are currently available, and what basic 
requirements are imposed by the Federal government and the 
Department of Defense. 

First, what exactly is ADP security? A good definition 
is found in FIPS Pub 102: "Computer security is the quality 
exhibited by a computer system that embodies its protection 
against internal failures, human errors, attacks, and 
natural catastrophes that might cause improper disclosure, 
modification, destruction, or denial of service." [Ref. 4] 
This definition is followed by an amplifying statement that 
the computer security of a system 1s a relative quality, not 
an absolute state to be achieved, and that security applies 
to both software and hardware. Another necessary definition 
is that of a security requirement; an identified computer 
security need [Ref. 4: p. 12]. The amplification statement 
1s far more complex than the definition itself, but 0+ 
felt that it lends an expanded viewpoint to the definition: 


Computer security needs are derived from governmental 
policy, agency mission needs, and specific user needs. 
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Governmental policy relating to computer security is 
expressed in laws and regulations; agency security needs 
are found in the agency's standards and policies; and 
user security needs originate in the application 
characteristics. Security requirements are expressed in 
increasing detail as one progresses from high-level 
general description of the system through lower levels 


of detailed specification. Security requirements need 
frequent review to insure their accuracy. [Ref. 4: p. 
12] 


B. FORMS OF ADP SECURITY 

Now that the basic definitions of ADP security and 
security requirements have been explained, the author will 
present a brief overview of the different forms of ADP 
security which are in use today. Many of these will not be 
applicable to the requirements of a small ship, but they 
will help to provide a background as to how the various 
problems facing a small ship can be rectified. 

The author has already established that, as automation 
increases and the reliance on computer/ADP systems grows, it 
becomes increasingly important to ensure that the 
information entrusted to these systems is protected 
[Ref. 5]. There are a large number of threats facing these 
ADP systens. These threats include unauthorized access by 
people to specific areas and equipment; ADP hardware 
failures; failure of supporting utilities; natural 
disasters; human errors; nonavailability of key personnel; 


neighboring hazards; tampering with input, programs or data 
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files; and compromise of data through interception of 


acoustical or electromagnetic emanations from ADP hardware 


[Ref. 6]. Each threat has a specific way it can be 
countered, from bomb-proofing to internal protection of the 
programs. 


Physical protection of the ADP equipment is usually the 
easiest to provide in for normal situations on land-based 
facilities. The problem becomes greater in the shipboard 
environment, as will be discussed in Chapter IV. In the 
Civilian commercial environment it appears that the focus is 
on the techniques for information protection which range 
from simple procedural controls to complicated controls 
embedded within the hardware and software of the computer 
system itself, as opposed to the physical protection of the 
equipment [Ref. 5: p. 11]. 

some examples of the internal security techniques in use 
today include the security kernel concept, information 
encryption (for communications security), inference controls 
for statistical data bases, a total distributed general 
purpose computing system that can enforce a multilevel 
security policy, and the development of technology for a 
computer system that can be trusted to enforce security on 
itsiscown O sap. ٣٦۳ Of these techniques, the one of 
most importance to the topic of ADP security on small ships 


will be the security kernel concept, and it will be 
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discussed more fully in a later chapter. The other 
techniques are geared towards larger, more complex systems 
and are mentioned only as examples of what techniques are 


currently available for use today. 


C. ADP SECURITY REQUIREMENTS OF THE FEDERAL GOVERNMENT 


As previously mentioned, there has been a proliferation 


of computer usage in the past years by the Federal 
government. This increased growth in usage has precipitated 
an increased need for adequate security. To provide 


guidelines and recommendations for these policies there are 
a vast number of publications, bulletins and instructions 
which have been issued on the subject of computer and ADP 
security. The majority of these publications come from the 
Department of Commerce's National Bureau of Standards and 
are published as Federal Information Processing Publications 
IFES Pubs). A sampling of those dealing with ADP security 
are listed in Table I. Though not all-inclusive, this 
listing gives a general idea as to the titles available, and 
also to the number of regulations which can be applicable to 
this subject. 

For the Federal government, the general objectives of 
ADP security programs are 

1. data integrity 

2. data confidentiality 


3. ADP availability 


۷ 


TABLE I 


FIPS PUBLICATIONS 


l. FIPS Pub 31: "Guidelines for ADP Security and 
Risk Management" 


2. FIPS Pub 38: "Guidelines for Documentation of 
Computer Programs and Automated Data Systems" 


3. FIPS Pub 39: "Glossary for Computer Systems 
Security" 
4. FIPS Pub 41: "Computer Security Guidelines for 


Implementing the Privacy Act of 1974" 


5. FIPS Pub 65: "Guideline for Automated Data 
Processing Risk Analysis" 


6. FIPS Pub 73: "Guidelines for Security of 
Computer Applications" 


7. FIPS Pub 74: "Guidelines for Implementing and 
Using the NBS Data Encryption Standard" 


8. FIPS Pub 83: "Guideline on User Authentication 
Techniques for Computer Network Access Control" 


9. FIPS Pub 88: "Guidline on Integrity Assurance 
and Control in Database Administration" 


10. FIPS Pub 102: "Guideline for Computer Security 
Certification and Accreditation" 


4. protection against accidental/deliberate acts 
[Ref. 7] 
Dependent on the specific application of the ADP system is 


the method used to meet the above objectives and any 
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specific objectives unique to the application. Tom ٥ 
these objectives, basic controls are described. Selection 
of the controls that are applicable and necessary for a 
given application system depends both on its security objec- 
tives and on the environment in which the system operates. 
Some controls are implemented by hardware, the operating 
system or by the facility management [Ref. 7: p. 11]. These 


basic controls are: 


l. data validation 

2. user identity verification 
3. authorization 

4. journalling 

5. variance detection 


6. encryption [Ref. 73 pp.11-23] 
Though identification of the basic controls listed above may 
appear simple, it is not. It is recommended that it be done 
on a continous basis throughout the application system life 
cycle, and changes made as necessary along the life cycle. 
Three phases of the life cycle are mentioned in the govern- 
ment publications; initiation, development, and operation 
fees. 7: p. 231. Outlined are procedures which are recom- 
mended to be taken at each of these phases. These include: 
security feasibility studies and initial risk assessment in 
the initiation phase; security requirements definition, 


designs for security inherent to the system, security 
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programming practices, and test and evaluation of security 
software in the development phase; and data control, employ- 
ment practices, security training, security variance 
responses, software modification, hardware maintenance, and 
contingency planning in the operation phase (Ref. 7: pp. 
23-43]. The publication goes into more specific detail than 
is necessary for the purposes of this thesis at this time. 
It is important to remember that though these procedures are 
listed within various phases, security planning and mainti- 
nance are ongoing occurrences, and steps must be planned in 
order to correct variances or problems as they arise. 

In addition to the guidelines related above, there is 
also a security certification and accreditation program 
called for by the Federal government. This is detailed in 
FIPS Pub 102, and it carries further, the requirements 
listed for basic security. These rules form the basis for 


the regulations promulgated by all government agencies. 


D. ADP SECURITY REQUIREMENTS OF THE DEPT. OF DEFENSE 

Given that some of the pertinent sources of rules, 
regulations, and requirements for ADP security within the 
framework of the Federal government have been identified, it 
1S now necessary to relate the posture of the Department of 
Defense (DOD) on ADP security. Understandably, there is a 
need for a higher degree of security awareness in the DOD as 


opposed to the majority of the Federal government, 
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specifically in the areas of national defense. Ihere gere, 
it should follow that there is more emphasis placed on 
computer security in the DOD. 

In order to determine the needs for computer security, 
the DOD is continuously conducting tests, research studies, 
and designing systems to alleviate the threats to its ADP 
and computing equipment. In 1981 the DOD Computer Security 
Evaluation Center (DODCSEC) was established to "complement 
the established responsibilities of DOD components relating 
to the overall policy, security evaluation, and approval of 
computer systems . . . ." [Ref. 8] This center was created 
to aid in accomplishing the primary goal of the DOD with 
regard to ADP security: to acquire a secure system, 

one which will control, through use of specific security 
features, access to information such that only properly 
authorized individuals, or processes operating on their 
behalf, will have access to read, write, create, or 
delete information. [Ref. 9] 
The main thrust of their work is to thwart the penetration 
of the computer systems by the use of a Trusted Computer 
System. 

The Trusted Computer System (TCS) is a relatively new 
idea. It is a system that employs sufficient hardware and 
software integrity measures to allow its use for processing 
sensitive information [Ref. 8: p. 57], and, in order for a 


system to be trusted, the system must "reliably enforce a 
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specified policy for accessing the data it processes 07 
it accomplishes the functions for which it was built." 
[Ref. 10] In building this type of system, the designer must 
decide which security rules the system will enforce, and 
then be able to assure that the system enforces them. The 
principle recommendations to developers are that they 
consider the security requirements of each system as a part 
of its user-visible behavior, rather than as a separate set 
of requirements; continue to think about security throughout 
the design and implementation of the system; and use the 
best available software engineering technology [Ref. 10: Pp. 
86]. 

The DODCSEC has developed criteria for evaluating the 
hardware/software systems used in processing classified 
information. The basis of this program is the Trusted 


Computing Base (TCB) which is the protection mechanisms of a 


system (hardware, firmware, and software) that are 
responsible for enforcing a security policy [Ref. 10: p. 
89]. In this criteria are four hierarchical divisions, with 


D being the minimal, thru A for verified protection; and 
each division is broken up into numbered classes. The 
higher the class number, the greater the trust that can be 
placed in the system. These divisions are intended to 
represent major differences in the ability of the system to 


meet security requirements, while the classes represent 


22 


incremental improvements [Ref. 10: p. 89]. These criteria 
are at present generally being used in the requirements 
phase of system development as a way of specifying security 
requirements that correspond to the needs of a system, in 
addition to their use in system evaluation. 


The DOD is highly motivated in promoting the concept of 


the Trusted Computer System, and is gearing much of its 
computer research in that direction. There are a number of 
projects underway to develop trusted systems, including 


efforts to build trusted network interfaces [Ref. 10: p. 
91]. 

Even though it appears that the Trusted Computer System 
is the way of the future for DOD ADP security plans, there 
are some opponents to this concept. The opposition is not 
towards the basic idea of computer security, but towards the 
path being investigated. It is noted that the vast majority 
of computer-related crimes have been committed by personnel 
who have authorized access to the resources they misused 
[Ref. 9: p. 61]. The opponents do not have an alternative 
plan to thwart this misuse by authorized users except to 


limit access to the system. 


E. SUMMARY 
Up to this point, the» basic ideas of ADP security, 
Federal government ADP security sources and requirements, 


and the requirements and postures of the Department of 
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Defense on ADP security have been shown. This information 
is the foundation for the US Navy's requirements, goals, and 


policies on ADP security. 
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MADE SECURITY IN THE US NAVY 


In this chapter the author will present an overview of 
the contents of OPNAVINST 5239.1A, DON Automatic Data 
Processing Security Program, dated 3 August 1982. This 
instruction forms the heart of ADP security in DON and an 
understanding of its contents is necessary for all personnel 
who have any contact with an ADP system. In order to 
present a more concise appearance and to make it easier for 
the reader to follow, all facts and references in this 


chapter are from OPNAVINST 5239.1A unless otherwise noted. 


A. SCOPE AND OBJECTIVES 

This instruction applies to all DON activities and 
DON-related contractors, and is intended to serve as a 
management tool which combines all necessary security 
requirements from higher concerns, and promulgates them in a 
simpler format. It covers the areas of policy, 
responsibility and procedures for the establishment and 
maintenance of ADP security programs, implementation 
guidance, and assistance and direction in developing and 
applying cost-effective security measures for the protection 
of DON ADP systems and stored and processed data. 

The objectives of the instruction are to: 


l. Provide centralized guidance and uniform policy 
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2. Provide a program which is responsive to the secur ls 


requirements and needs of ADP systems 


3. Provide for operational reliability and asset 
integrity 
4. Provide realistic guidance and generalized procedures 


to ensure that all data are adequately protected 
against accidental or intentional destructgen? 
modification, and disclosure, and users are protected 
against denial of service which may result from 
events such as fraud, misuse, espionage, sabotage, 
malicious acts, natural hazards, or fire. 

In this instruction, various terms are used which may 
not be familiar to the reader. An ADP system is an assembly 
of computer equipment, facilities, personnel, software, and 
procedures configured for the purpose of classifying, 
sorting, calculating, computing, summarizing, storing) ٤ 


retrieving data and information with a minimum of human 


intervention. There are three types of data levels 
mentioned throughout the instruction. Level I is classified 
data; Level II is unclassified data requiring special 


protection; and Level III is all other unclassified data. 

It is an established fact that ADP security is an 
all-hands responsibility which encompasses the following 
elements: physical, administrative/operating procedures, 


personnel, communications, emanations, hardware, software, 
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and data. Due to the high importance placed on ۶ھ‎ 
security, it is necessary that the program be carefully 
managed, regularly reviewed, continuously monitored, and 
routinely audited. For this to be accomplished, DON has 
established a thirteen-point ADP security policy. In brief, 
these points are: 

l. A commanding officer and the ADP security staff will 
take the necessary steps to provide an adequate level 
of security for all ADP systems. They will implement 
the mandatory procedures for risk assessment, 
security test and evaluation (ST&E), and contingency 
planning. 

2. Risk assessments will be an integral part of most ADP 
security decisions. 

3. Technical assistance for risk assessments, ST&E, or a 
contingency test will be provided by Commander, Naval 
Data Automation Command. 

4. When a peripheral or remote device is to be connected 
to an ADP system or network processing Level I or II 
data and will be used by personnel of an activity 
that is not responsible for the security of the host 
system, the security of the peripheral is the 
responsibility of the activity responsible for 


security of the host ADP system or network. 


27 


10. 


11. 


76ا 


All DON ADP-related activities will comply with 
OPNAVINST SIT 

OPNAVINST C5510.93D contains guidance for the policy 
on TEMPEST requirements. 

All ADP activities will meet accreditation 
requirements as described below. 

Activities processing Level I high security data are 
subject to additional requirements from outside the 
DON. 

ADP security documentation disclosing vulnerabilities 
or exploitation techniques will be marked "For 
Official Use Only." 

Software and files providing internal security 
controls, passwords, or audit trails for ADP systems 
will be safeguarded to prevent unauthorized 
MOG Weed elon. 

Use of the Data Encryption Standard is prohibited for 
ADP systems processing Level I data. 

Many products available commercially are not 
Sanctioned for use by DON activities. Plans 
implementing these technologies for Level I data 
processing should include ascertaining if these 
products are to be endorsed for DON use. Requests 


for information should be forwarded to COMNAVDAC. 
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13. All ADP activities which process data covered under 
other instructions will comply with the more 
stringent requirements. 

In addition to the above listed policies, each 
commanding officer is responsible for the security of the 
ADP system under his command and must meet additional 
requirements which include development of an Activity ADP 
Security Plan (AADPSP), appointment of an ADP Security 
Officer (ADPSO), and ensure that proper care is taken to 
ensure the security of his installation. 

In the area of ADP security, an ADP activity or network 
is either accredited or not accredited. Accreditation 
describes the process whereby information pertaining to the 
security of an ADP activity or network is collected, 
analyzed, and submitted for approval to the appropriate 
Designated Approving Activity (DAA). After a review of this 
material, the DAA will either concur, thereby indicating 
that a satisfactory level o£ operational security is 
present; or not concur, indicating that the level of risk 
either has not been adequately defined or has not been 
reduced to an acceptable level for operational requirements. 
If not accredited, an activity may be issued an interim 
authority to operate, contingent upon improved security 
within a set periond of time. Accreditation 
responsibilities differ for the various levels of data 


(Levels I, II, III). 
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Office Information Systems 7075) are applications of 
automated technology for document preparation, storage, 
retrieval, manipulation, and distribution in an 5٤٦ 
environment. Office Information System Equipment (OISE) 
differs from ADP equipment, in that, OISE is primarily 
limited to document text preparation and handling 
applications, whereas ADP equipment is designed to process a 
variety of applications developed using a general purpose 
data processing language. There are specific security 
requirements relative to an OIS. Due to the limited scope 
of OIS applications, adequate security countermeasures can 
be identified and implemented with less procedural effort 
than would be required for a comparable ADP system. The 
minimum security requirements for an OTS include; 


operational reliability and asset integrity for prevention 


of loss from natural hazards, fire, theft, and malicious 
acts. The OIS is a system comparable to the non-tactical 
ADP systems found on small ships (i.e., SNAP II), and will 


be discussed in more detail in a later chapter. 


B. RISK MANAGEMENT 

Risk management is the determination of how much 
protection is required for an ADP system and how much 
protection already exists. It is an ongoing effort, and 
risk must be re-evaluated whenever changes occur to the ADP 
environment. The risk management program consists of three 
phases: 
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1. Development of an Activity ADP Security Plan 

2. Risk assesment 

3. Countermeasure implementation and effectiveness 
review. 

The AADPSP implements the security policies set forth in 
OPNAVINST 5239.1A. It establishes local security policies, 
defines security scope and objectives, assigns 
responsibilities, sets short/long-range security goals, and 
addresses security for all aspects of the local ADP 
elements. It is an important document which must be 
utilized for the management of the ADP security environment. 

Risk assessment consists of two distinct parts; threat 
and vulnerability identification, and countermeasure 
identification. A threat is defined as any agent capable of 
reducing the effectiveness of an ADP activity or network, 
thereby degrading mission accomplishment. A vulnerability 
is a weakness that may be exploited by a threat agent to 
cause harm to the ADP activity or network. Countermeasure 
identification is the process of determining the most 
cost-effective method of countering a threat or 
vulnerability. 

There is a specific risk assessment strategy laid out in 
ehe instruction. Ihe first step is to conduct an ADP 
security Survey which will provide basic information about 


the ADP security environment and help determine the scope of 
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the risk assessment GEESE EE Once this has been 
accomplished, the DAA will determine the risk assessment 
methodology to be used. There are two methods available, 
and the complexity of the ADP environment is the determining 
factor as to which one will be used. The environment 
complexity is governed by the level of data processed, 
security mode of operation, ADP system configurations and 
locations, and the criticality of the mission. Method I is 
the standard method for use in most ADP environments; Method 
II is for use in less complex ADP environments. Me TOCA 
provides for greater detail than Method II, and Method II 
does not provide for the interaction of threats and 
evaluation of threats by impact areas. There are other 


methods available, but permission must be obtained from CNO 


for their use. The basic steps for both methods are: 
l. Asset identification and valuation 
2. Threat and vulnerability evaluation 
3. Assessment of the frequency of successful attack 


4. Computation of the Annual Loss Expectancy (ALE) 
5. Selection af additional countermeasures based on 
return on investment and reduction of the ALE. 
Once the risk assessment has been completed, 
countermeasures must be selected which will make the level 
of risk acceptable. There are seven groupings of 


countermeasures based on correcting weaknesses in the ADP 
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environment. Each method within the groupings is described 
in terms of: 

l. Vulnerability--description of the weakness that could 
be exploited. 

2. Countermeasure--description of an action, device, 
procedure, technique, or other measure that reduces 
the identified vulnerability. 

3. Confidence--a judgement as to the effectiveness of an 
implemented countermeasure. 

4. Cost factor--qualitative statement on the anticipated 
expense of implementing a proposed countermeasure. 
The actual costs should be determined by consulting 
the local procurement authorities. 

5. Caveats--limitations, unusual risks, dependencies, 


and/or disadvantages related to the proposed 


countermeasure. 
By groupings, listed below are the various countermeasure 
techniques listed in OPNAVINST 5239.1A. The instruction 


states that the list is non-inclusive, but only contains the 
most common techniques. 

l. Software countermeasures: security audit trails, 
threat monitoring, residue control, log-on attempts, 
unique password/authentication processes, password 
protection from visual observation, file encryption, 
data base protection, periodic inspections of hard- 


ware, controlling use of assembler language coding, 
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two-person control, periods processing, testing and 
debugging, security editing and accounting, software 
engineering tools, virtual machine monitors, password 


file encryption, secure subsystems, and security 


kernels. 
Hardware countermeasures: protection-state vari- 
ables, memory protection mechanisms, front-end 


machines, data base machines, tampering detection, 
and interruption resistant power. 

Administrative countermeasures: security officer 
procedures, software development procedures, software 
maintenance procedures, batch input/output proce- 
dures, access procedures, waste procedures, emergency 


procedures, and operating procedures. 


Personnel countermeasures: personnel control and 
compromise. 

Emanations: emanation security. 

Physical countermeasures: access to the computer 


center, physical layout, fire protection, environ- 
mental control system, and building construction. 

Communications countermeasures: communications lines 
and links, terminal identification, handshaking, 
telephone instruments, protected distribution system 


and communications path alternatives. 
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The final step in the risk management program is 
countermeasure implementation and effectiveness review. 
This is done over a period of time. As the system changes 
and new threats are perceived, new countermeasures may be 
added as needed. The entire thrust of the preceding process 
is to gain a security accreditation and provide the best 


possible security for the systen. 


C. SECURITY TEST AND EVALUATION 
Security Test and Evaluation is another part of the 
accreditation process. The primary purpose is to obtain 


technical information to support the DAA's decision to 


accredit an ADP activity or network. It consists of two 
interrelated phases. The first determines whether the 
necessary countermeasures have been installed, and the 


second determines whether the installed countermeasures are 
working effectively. 

The resources expended and the level of detail required 
will depend upon the level of data being processed and the 
mode of operation. The results of the risk assessment will 
determine the level of detail and scope required. When the 
Commanding Officer is the DAA, the ST «€ E are the 
responsibility of the activity; otherwise it is performed by 
COMNAVDAC. Qualified personnel at the activity will perform 
the various steps of reviewing the risk assessment, 
developing the ST & E plan, executing the plan, and 
documenting the results. 
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D. CONTINGENCY PLANNING 

The Contingency Plan is an important part of an ADP 
security program. DON activities dependent upon ADP to 
support mission accomplishment are required to develop a 
plan which would allow continuity of mission accomplishment 
during abnormal operating conditions. The contingency plan 
will consist of two distinct phases; the preparation phase 
and the action phase. The scope of the plan will be such 
that it identifies: actions required if the normal ADP 
environment is impaired or disrupted; actions required if 
the functional application or user is denied information or 
service; and actions required if the ADP activity suddenly 
had to expand processing capability to accommodate a 
national emergency or some other critical event. 

Preparation of the contingency plan entails an in-depth 
look at emergency response, backup operations, recovery 
expectations, and an assessment of the necessity for 
emergency destruction of classified material. Once the plan 
has been completed, it is to be tested annually, and 
improvements made where necesSary. No contingency plan is 
required if unplanned disruption of services would not have 
a critical impact on mission accomplishment; the DAA must be 


informed if this is the case. 
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E. ADDITIONAL INFORMATION 

The remainder of OPNAVINST 5239.1A is comprised of 
various appendixes which offer a glossary of terms and 
definitions, samples of ADP security training plans, threat 
and vulnerability assessment worksheets, guidelines for ADP 
security documentation, DON security and audit controls, and 
mandatory minimum requirements for ADP activities including 
environmental and physical security, communications 
security, emanations security, and hardware/software 


security features. 


F. CONCLUSIONS 

As can be seen, the DON ADP security program is an 
extensive one which attempts to cover all aspects of the ADP 
security environment. But is it too extensive, too 
all-inclusive? Are there too many requirements and 
regulations which are mandatory but cannot be adhered to by 
the ADP organization of a small ship? These questions will 


be explored in the remaining chapters. 
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IV. SECURITY REQUIREMENTS EORSSHITEPBOARD ADE Voyage 


A. INTRODUCTION 

In the previous chapters the author has discussed the 
background of ADP security in terms of what it is, why it 
exists, the aspects of security and how they are interpreted 
by the Federal government, Department of Defense, and 
Department of the Navy, and the various requirements imposed 
on ADP systems by the agencies listed above. However, most 
of those requirements were devised with large ADP systems in 
mind. Because of this, and with the advent of non-tactical 
ADP systems being installed on small surface ships, it has 
been theorized that the current ADP security requirements in 
effect may be too extensive for these smaller shipboard 
systems. In this chapter the author will explore the unique 
security requirements for non-tactical ADP systems on small 
surface ships and some of the possible countermeasures 
available to combat perceived threats. The author will also 
address the subject of which sections of OPNAVINST 5239.1A 
have little or no relevence to non-tactical ADP security on 
small surface ships and how these sections can be adapted or 


removed. 
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B. NON-TACTICAL ADP SYSTEMS IN SMALL SHIPS 

Small surface ships are beginning to acquire 
non-tactical ADP systems in the form of the SNAP II systems. 
Prior to the installation of these systems onboard, most 
small ships had to rely on the manual method of 
accomplishing any data processing tasks. The objective of 
SNAP II is to reduce the administrative burden on the fleet 
by eliminating much of the manual paperwork requirements in 
the forms of records and reports, and by reducing error 
rates and associated time by screen-correcting documents 
through on-line/immediate validation [Ref. 3: DE 20H. 
Presently there are four subsystems in SNAP II. They are: 

1. System Management Subsystem (SMS). This performs 
system management and system service tasks in support 
of the other three subsystens. 

2. Maintenance Data Subsystem (MDS). This system will 
support the ship's maintenance plan, including ship's 
force work list, maintain maintenance logs and files, 
automatically prepare ۷ forms 4790/2K and 
4790/CK, interface between maintenance and supply, 
and allow maintenance completion with needed supply 
items in a simpler manner than is presently being 
done. 

3. Supply and Financial Management Subsystem (SEM). 


This system automates current supply procedures, 
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including Tnventery eoneres OPTAR accounting, and 
financial accounting. 

4. Administrative Data Management Subsystem (ADM). This 
will provide support for those functions specific 
related to shipboard administration. [Ref. 3: “Wipe 
20-21] 

As is readily apparent, SNAP II, when used properly, 
will be a boon to the surface fleet. Once this system is 
outfitted on board a small surface ship, what type of 
security threats exist, and what sort of security protection 
is required? 

C. THREATS TO NON-TACTICAL ADP SECURITY IN THE SHIPBOARD 

ENV IRONMENT 

It is quite easily understood that the environment on a 
naval vessel is fairly hostile to any type of system 
installed on board. In this section the author will 
identify those threats and vulnerabilities which relate to 
the non-tactical ADP system in the shipboard environment. 
This will not be an attempt to conduct a risk assessment, 
but only to provide the information necessary to identify 
the needs for ADP security, thus delineating shipboard 
security requirements. 

Previously mentioned in Chapter II was a list of the 
possible types of threats which face ADP systems. The first 


of these threats was unauthorized access by people to 
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specific areas and equipment. In the small ship environment 
this threat is not very prevalent. Most work areas where 
the non-tactical ADP system equipment would be used are 
small, and access to them will be very limited. In 
addition, when spaces on a vessel are not manned they are, 
as a matter of routine, locked. This, in addition to the 
possible use of an access list, would assist in deterring 
unauthorized access to the system equipment. The major 
threat in the way of unauthorized access would be the 
possibility of somebody being able to log onto the system 
without having the proper authorization allowing them to log 
on. One way to prevent this unauthorized usage and prevent 
tampering with input, programs, or data files is by the 
implementation of the security kernel concept. 

The security kernel is a technology which provides a 
conceptual base on which to build a secure computer system 
using a methodical design process [Ref. 11]. It is a system 
beginning to see wide development in the commercial market. 
An example of this form of application is Honeywell's SCOMP, 
an implementation of a hardware/software general purpose 
operating system based on the security kernel concept 
[Ref. 12]. Though SCOMP is used ina large system, there 
are also applications being developed for the use of the 
security kernel in small systems. Research conducted at the 


Naval Postgraduate School concentrated on the applications 
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of the security kernel for a multiprocessor microconputer 
[Ref. 13]. It is this area of research which appears to be 
the possible solution to the access threat posed in the 
preceeding paragraph. 

The security kernel approach is based on the concept of 
the reference monitor, which provides an underlying security 
theory for conceptualizing the idea of protection. In 5 


way all active entities make references to passive entities 


using a set of current access authorization. The security 
kernel consists of both hardware and software [Ref. 11: p. 
14]. The purpose here is not to provide a detailed analysis 


of the security kernel, but to give a brief outline so that 
the concept can be understood and possibly applied to the 
problem at hand. In order for the security kernel to be 
properly developed, a specific security policy must be 
delineated. There are two types of policies for this 
system: nondiscretionary, which contains mandatory security 
rules that are imposed on all users; and discretionary, 
which contains security rules that can be specified at the 
option of each user. Both policies are addressed by the 
rules of the security model (Ref. ll: Dios These 
policies should be determined on a class-wide basis for 
small surface ships, and possibly implemented as such. 

In the security model, each subject and object of the 


reference monitor is given a security identifier termed an 
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access class, which are compared at each state transition to 
determine whether a subject is allowed to access an object. 
By proper organization of a mathematical structure called a 
lattice, a wide range of policies can be supported [Ref. ll: 
De 16]. The final basic premises of this concept are the 
two fundamental rules of the nondiscretionary policy; the 
simple security condition, and the "star" property. The 
simple security condition prohibits users from directly 
viewing data they are not entitled to see, and the "star" 
property helps to prevent all illicit indirect viewing of 
objects [Ref. 11: p.16]. On the negative side of the 
security kernel is the fact that if applied to inappropriate 
hardware, the security kernel can impose significant 
performance burdens [Ref. 10: p.94]. This problem can be 
eradicated by simply chosing the correct hardware as needed 
to ensure proper utilization of the kernel. 

In the multiprocessor environment, the security kernel 
provides the mechanism for support of the security policy of 
the command. It is the author's belief that the proper 
implementation of a security kernel will provide a great 
deal of security for the system in the area of personnel 
trying to gain unauthorized access to the systen. 

A second area of threat is that of ADP hardware failure. 
This is very realistic in the small surface ship 


environment. Because of the nature of a small surface ship, 
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there are many outside agents which can contribute to the 
failure of non-tactical ADP hardware. These include salt 
contamination of components, intense movement of the 
platform due to rough seas, and missile hazards, also due to 
rough seas. In addition there is also the possibility of 
failure due to a mechanical problem within the system 
itself. The particular hazards encountered due to the ship 
being at sea can be easily countered by standards being 
established for the equipment to negate the pitch and roll 
of the ship, much in the same way as current equipment 
onboard is protected. Missile hazard damage is minimized by 
a careful inspection of the space prior to going to sea. 
This is a normal procedure on all ships prior to getting 
underway. Salt contamination prevention is a function of 
where the equipment is placed, and the adequacy of the 
compartment 's water-tight integrity. In essence, the best 
protection against hardware failure is to ensure that the 
equipment is sturdy, and that the space housing it is 
properly secured. 

Failure of supporting utilities can be a major problem 
on small surface ships, and it is not something that can be 
easily controlled. Power failures and air-conditioning 
losses are notorious common occurences on small surface 
ships. Power failures range from complete loss to improper 


voltage supplies. Electrical protection devices are 
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necessary to prevent damage by a short-lived abrupt loss of 
power and voltage fluctuations. Unfortuneately, there is no 
real protection from a major power loss. Backup generators 
for a non-tactical ADP system are not feasible due to space 
and operational considerations. In fact, even tactical 
abilities are lost during a major power loss because all 
emergency power is shunted to the engineering plant (save 
emergency lighting and power for a small radio) in order to 
give the engineering personnel the ability to restore power. 
A battery pack with a duration of not less than one hour was 
recommended in order to protect memory during an unexpected 
loss of power refprd 14 Loss of air-conditioning to a space, 
necessary to keep the machinery cool, is another often- 
encountered problem. The only real effective measures for 
this type of problem would be to either minimize system 
usage, or shut it down entirely. Air conditioning loss for 
a short period of time will probably have little effect on 
the system equipment due to it's low power usage. 

There are a number of natural disasters which can pose 
serious threats in the small surface ship environment. 
These include fire, flooding, and hurricanes. Not only do 
these pose a serious threat to the non-tactical ADP 
equipment, but also to the safety of the ship itself. 
Because of the consequences of fire and flooding to a small 


surface ship at sea, there are well-planned procedures to 
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combat either of the two when they occur. These procedures 
usually concentrate more on relieving the threat quickly to 
prevent it from spreading than to the actual protection of 
the concerned equipment. This could have an adverse effect 
on the non-tactical ADP system that might get caught ina 
fire or flood, but unfortunately there are few other 
alternatives. 

Human errors are basically a function of the amount of 
training given an individual prior to allowing them to use 
the system. Some of the possible errors can be quite 
cataclysmic. For officer personnel, the proper use of the 
SNAP II system is being incorporated into the curriculum at 
the Surface Warfare Officer School Command (SWOSCOLCOM) in 
the Basic Course, Department Head Course, PXO; and PCO 
courses. The level of instruction in each curriculum is to 
be geared towards the use of the system by the individual. 
Current plans are to provide training which will encompass 
all possible uses of the system [Ref. 3: p.21]. Training of 
this sort will not only reduce the possibility of human 


errors, but will also allow the system to be used to its 


full potential. At this time there is no equivalent course 
for enlisted personnel. There are a number of viable 
alternatives for training of enlisted personnel. When the 


SNAP II system was first readied for introduction to the 


fleet, it was recommended that training for enlisted 
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personnel be conducted at organic training courses (PN, SK, 


YN schools, 3M school, etc) for those who will be operating 


the SNAP II system ([Ref. 15]. Though being done on a 
minimal scale, there is another alternative, that of 
conducting the training at Fleet Training Centers. A major 


drawback for this alternative would be the extra funds 
required to implement the new courses. Funding is minimal 
for the first alternative. The author would recommend that 
training be continued in the source schools, but that some 
other sort of short course be implemented at the Fleet 
Training Centers for those not eligible for those schools. 
The most devasting threat which faces the non-tactical 
ADP system of a small surface ship is that of 
battle-inflicted damage. Granted that this is the ultimate 
which can occur, and it is not a threat to the security of 
the system that can be easily defended against. But the 
threat does exist, and must be addressed. Unfortunately, 
the best defense is to not receive any battle damage. 


Damage as a result of battle that can be inflicted to the 


non-tactical ADP system is fire, flooding, or total 
destruction. Countermeasures for fire and flooding are 
already in ship's instructions, and there are no real 


countermeasures for total destruction. 
As the author has related in the preceeding paragraphs, 


there are a number of threats which face the non-tactical 
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ADP system of a small surface ship, and some of them are 
unique to only this type of environment. Some of the 
threats have existing countermeasures which require little 
or no modification, whereas other measures must be 
implemented in their entirety. Now that the possible 
threats which exist have been identified, it will be easier 
to discuss the security requirements which are necessary for 


the non-tactical ADP system of a small surface ship. 


D. SECURITY REQUIREMENTS 

The author, in Chapter II, defined a security 
requirement as an identified computer security need. In 
this chapter the threats which face the non-tactical ADP 
system on a small surface ship have been discussed, along 
with some possible countermeasures for these threats. In 
this section the author will postulate what he believes to 
be the necessary security requirements, in terms of the 
security program in OPNAVINST 5239.lA, for a small surface 
ship. 

Due to the uniqueness of small ships and the extent of 
the security necessary for a non-tactical ADP system, it is 
possible that the present security requirements in OPNAVINST 
3239.1A are far too extensive for these types of ships. 
What is necessary is an instruction which contains the basic 
requirements for security and allows specific information to 


be added to it as appendices for the different classes of 
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small surface ships, much on the same order as the format of 
the COMNAVSURELANT Master Training Plan. As an example, it 
would be tailored for FEG-7 frigates by adding a FEG-7 
appendix to the basic instruction. An instruction of this 
type would be far easier to use, and would undoubtedly 
provide a far more productive security plan. 

There are some necessary sections which should be 
included in this generic instruction. These sections will 
follow the guide of OPNAVINST 5239.1A, but be pertinent to 
small surface ships only. As in all Navy instructions, the 
first section should define the scope of the non-tactical 
ADP security program as it relates to small surface ships. 
The second chapter should deal with the security 
organization, both of the the DON and the ship, outlining 


which officers are responsible for specific aspects of the 


system's security. This section will be further discussed 
in the course Of Chapter ve Their duties and 
responsibilities should be made stringently clear, and 


easily understandable. 

A section on accreditation is necessary also. For the 
case of small surface ships, the final accreditation 
authority should be the Type Commander (SURELANT, SURFPAC). 
The author believes that by having the authority for 
accreditation at the Type Commander level it will enable 


ships to receive aid far easier in case the ship is having 
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problems meeting requirements. It is expected that there 
will be only a limited amount of Level II data being used on 
these non-tactical ADP systems, with the majority of the 
information processed, being Level III. Because of this, 
the accreditation problem becomes much simpler. security 
requirements for Level II data can be determined by the 
Commanding Officer and ADPSO, with any strengthening of the 
requirements left to the discretion of higher level commands 
[Ref. 16]. By having the instruction promulgated at the 
Type Commander level, specifically for small ships, it will 
provide a more standard level of security, thereby making it 
easier to enforce and maintain. 

Requirements for accreditation should include a Method 
II risk assessment, development of an AADPSP, development of 
a contingency plan, and meet the minimum mandatory 
requirements for environmental and physical security. It is 
believed that the above requirements will be sufficient to 
guarantee the security necessary for the system. The author 
chose a Method II risk assessment because it is the proper 
one for a less complex ADP environment, of which the 
non-tactical ADP system is an example [Ref. 16: p. E-13]. 
Continuing with the theory of class-wide security 
instructions, a risk assessment can be made easier than 
would normally be expected. Since all ships of a class are 


similar, it follows that the assets, threats, 


50 


vulnerabilities and countermeasures would also be similar. 
Generic risk assessment formats would be promulgated by the 
Type Commanders and used by the individual commands who 
would make necessary changes due to unique ship alterations, 
etc. Contingency plans and security plans will be developed 
in the same manner. 

Included in this instruction would also be requirements 
for command review of the security program, to be conducted 
at intervals in compliance with current directives, which 
call for a review every three years or as necessary due to 
changes in the non-tactical ADP environment [Ref. 16: p. 
8-1]. 

A training plan for non-tactical ADP security is a 
necessary part of this instruction. Improper training of 
personnel is as great a danger to the system as any other 
threat. All personnel using the system should be required 
to have adequate instruction prior to using the systen. A 
Personnel Qualification Standard (PQS) developed for users 
would be an ideal method of training. As already stated, 
officers are to receive training at SWOSCOLCOM. A shipboard 
program should be outlined, and strictly enforced. The 
areas of knowledge required by OPNAVINST 5239.1A should be 
adhered to in this program [Ref. 16: p. 10-2]. 

Appendix J of OPNAVINST 5239.1A contains a listing of 


mandatory minimum security requirements. The requirements 
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listed for environmental and physical security are very 
similar to requirements already enforced on small surface 
ships. For the purposes of this new instruction they shows 
be tailored specifically for small surface ships so that 
there are no discrepancies. Examples include the 
requirement to keep all carpeted areas vacuumed frequently, 
and a section of mandatory requirements for activities 
processing Levels I and II data [Ref. 16: p. J-2]. These 
conditions do not exist on small surface ships. 

As can be seen, the outline presented above is an 
alternative instruction to OPNAVINST 5239.1A for a small 
surface ship. This type of instruction would be much easier 
for the shipboard ADP security Manager to follow in 
implementing a proper security program for his equipment. 
By not having to wade through a great amount of material not 
pertinent to his system, he will find that he has little 
problem making the security program work. Another positive 
outcome of this type of instruction would be a certain 
uniformity throughout the Surface Warfare community in the 


area of non-tactical ADP system security. 
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V.: NON-TACIICAL ADP SYSTEM SECURITY ORGANIZATION 


The mere presence of a non-tactical ADP security program 
does not guarantee that a system will be secure. There is 
also a need for a security staff to oversee the program to 
ensure its proper operation and maintenance. This chapter 
will discuss the present requirements for an ADP security 
organization, and the organization which the author believes 
would be more suitable for the non-tactical ADP system of a 


small surface ship. 


A. PRESENT ADP SECURITY ORGANIZATION REQUIREMENTS 

OPNAVINST 5239.1A delineates a specific ADP security 
organization for activities with ADP systems [Ref. 16: p. 
2-5]. As in all Navy commands, the Commanding Officer has 
full responsibility for the security of the systems under 
him. He is responsible for ensuring the development of an 
AADPSP, appointing an ADPSO/OISSO, and ensuring that all 
other requirements of security are met. 

Under the Commanding Officer, the ADP Security Staff is 
headed by the ADP Security Officer (ADPSO). He is 
responsible to the Commanding Officer for ensuring that all 
aspects of security are carried out. He must appoint the 
Network Security Officer (NSO) if needed, coordinate ADP 


security with the activity security manager, ensure that the 
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AADPSP is developed and maintained, appoint an ADP System 
Security Officer (ADPSSO) if needed, appoint a Terminal Area 
Security Officer (TASO) if needed, implement the Risk 
Management Program, carry out accreditation procedures, 
ensure development of contingency plans, assist the ADP 
security staff, ensure personnel security procedures are 
established, conduct systems tests and evaluations, develop 
a Risk Assessment Team Charter when required, and assume the 
ADP security staff responsibilities for any staff member not 
appointed. [Ref. 16: p. 2-9] 

The Network Security Officer (NSO) is responsible for 
developing the standard security procedures governing 
network operations and ensuring that all required network 
countermeasures are utilized [Ref. 16: p. 2-11]. The ADP 
System Security Officer (ADPSSO) is appointed at the 


discretion of the Commanding Officer for each ADP system 


which processes or will process Level I or II data. This 
officer performs much the same duties as the ADPSO, but for 
his assigned systems. In addition, he must be the focal 


point for all security matters for the ADP systems assigned, 


execute the ADPSP, maintain an inventory of all ADP 
hardware, implemented system software releases, monitor 
system activity, maintain liason with remote facilities 


served by the ADP system, conduct risk assessment, implement 


appropriate countermeasures, and perform other tasks as 
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indicated by the ADPSO [Ref. 16: Dis Z hol The Terminal 
Area Security Officer (TASO) is appointed for remote 
facilities and enforces all security requirements 
implemented by the ADPSSO for remote terminal areas and is 
responsible for ensuring that proper countermeasures are in 
place [Ref. 16: p. 2-12]. 

The final member of the ADP Security Staff is the Office 
Information Systems Security Officer (OISSO). As OISs are 
considered a subset of an ADP system, the ADPSO is 
responsible for the security of the OIS. However, at 
activities which have only OISs, an OISSO will be appointed 


in place of an ADPSO and will assume those duties of an 


ADPSO which are applicable to OISs [Ref. 16: p. 4-1]. He 
will maintain an inventory of the OIS, ensure that OIS 
Security Operating Procedures are available, and be 


responsible for instructing users as to knowledge of OIS 
technology, OIS security, and OIS operations [Ref. 16: p. 
4-4]. 
B. RECOMMENDED NON-TACTICAL ADP SYSTEM ت0٣‎ 
ORGANIZATION 
As can be seen above, the structure and responsiblities 
of the ADP Security Staff are complicated and immense. In 
most large activities, there are enough personnel to handle 
this additional workload. This is not the case on small 


surface ships. The wardroom (officer's complement) of a 
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small surface ship is small--usually no more than 30 
officers on the largest ships--and most have primary 
responsibilities which demand their full-time attention. In 
addition, most are required to perform collateral duties 
which take up their remaining time. No matter how important 
ADP security is, the job of ADP security officer will fall 
into this latter category. 

The author believes that there is not a need for all of 
the positions required by OPNAVINST 5239.1A. First, there 
are not enough personnel on board a small surface ship to 
effectively man the positions adequately, and second, the 
non-tactical ADP system is not extensive enough to warrant 
ee The author suggests that the positions necessary to 
facilitate an adequate security organization of a small 
surface ship are the ADPSO and ADPSSO. 

The ADPSO will perform those duties outlined in 
OPNAVINST 5239.1A, for his position, which are pertinent to 
a small surface ship's non-tactical ADP system. He will 
have overall responsibility for ensuring the security of the 
system and will report directly to the Commanding Officer in 
matters relating to security. The ADPSO position will be 
filled by a department head with this position being a 
collateral duty. The best possible choice would be the 
Operations Officer because his primary job already entails 


other points of security, and he would have less conflicts 
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with the performance of his primary duties. The other 
departments heads, engineer and weapons, have 
responsibilities which do not allow the freedom that the 
operations officer enjoys. The chief engineer very rarely 
has time to get away from the engineering plant, and the 
weapons officer is usually concerned with nuclear weapons 
security, when applicable. 

An ADPSSO is necessary to assist the ADPSO. No matter 
how small the system the author is convinced that ADP 
security is too important to leave to one person. The 
ADPSSO will perform the duties of his position as outlined 


in OPNAVINST 5239.1A that are pertinent to small surface 


ship systems. He will be responsible for the execution of 
the ADP security program. This position is best filled, 
again as a collateral duty, by a junior officer. It is 


difficult to ascertain from which department this officer 
Should be, but it is definitely recommended that this duty 
be this officer's primary collateral duty. As already 
iterated, ADP security is the most important aspect of the 
ADP system to the ADP security staff, and the ADPSSO must be 
able to devote the necessary time to the proper performance 
of his job. 

The author sees no need for the designation of a TASO, 
NSO, or OISSO in the small surface ship situation. Their 


duties as outlined, will fall within the purview of the 
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ADPSO and ADPSSO. In addition, the size of the non-tacticad 
ADP system does not call for these extra personnel. LE 
there are too many members of the security organization, it 
is quite possible that they will begin to work at 
cross-purposes. 

There is a definite need for a training program to be 
established for the ADPSO and ADPSSO to be completed prior 
to assumption of their duties. It would be detrimental to 
the security of the system, due to the intricacies of ADP 
security, to place officers in those positions without the 
proper training. The most likely choice for coordinator of 
the training program would again be the Type Commanders, 
once they have established the various security manuals for 


the different classes of ships. 
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VI. CONCLUSIONS 


In this thesis the author attempts to answer a number of 
specific questions. First, is there a need for an 
abbreviated ADP Security Manual for small surface ships, and 
if so, what is the level of detail required, and what items 
will determine that level? Second, what sort of ADP 
security organization is required for a small surface ship, 
who should perform what specific functions, and why? And 
finally, how can these areas be addressed so that they can 
be of use to, and be made available to the applicable 
portions of the fleet? Based on the material presented in 
the preceding chapters, the following conclusions can be 
drawn. 

There is a need for an abbreviated ADP security manual 
for the non-tactical ADP systems of small surface ships. 
OPNAVINST 5239.1A is far too awkward and contains many 
extraneous parts to be used in this particular environment. 
It contains parts which do not pertain to the problems 
discussed for small surface ships, and it can be very 
confusing to try and elicit the sections pertaining to small 
surface ship non-tactical ADP systens. The author has 
provided a framework which is believed to fit the needs of a 


small surface ship for non-tactical ADP security. Listed, 
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are those sections deemed applicable, as well as sections 
which should be added to make the manual more germane to 
these ships. It is recommended that the task of producing 
this manual be undertaken by the Surface Force Type 
Commanders, who have already forseen the need for this type 
of instruction, and that they should also oversee and 
implement the program. The new manual should be written so 
that it is applicable to all small surface ship types, with 
specific appendices written for specific ship classes. This 
is a necessary requirement due to the minor differences 
which exist because of differing security threats. The 
level of detail required for this manual is determined by 
the complexity of the necessary requirements. The type of 
threats to the systems employed are specific and vary by 
small degrees between ship classes. It is the type of 
threat which should determine this level of detail. 

The type of security organization required for a small 
surface ship is smaller than that required for a large ADP 
installation. The author recommends that an ADPSO and 
ADPSSO be appointed to fill the requirements of “Galle 
organization. The ADPSO should be on the level of a 
department head, preferably the Operations Officer. This is 
due to his already close contact with various aspects of 
security on the ship, and because the other department heads 


are already too encumbered with other responsibilities. The 


60 


ADPSSO will be the assistant to the ADPSO, and the position 
should be filled by one of the junior officers. Be is 
imperative that these officers be given adequate training in 
order to fulfill their responsibilities in a proper manner. 
It has been noted that proper training as to the 
operation of these systems is a key factor in maintaining 
adequate security. The author recommends that, in addition 
to the courses being offered at SWOSCOLCOM for Surface 
Warfare Officers, additional courses be instituted at the 
Fleet Training Centers and organic training schools to 


instruct enlisted personnel in the proper use of shipboard 


non=tactical ADP systems. There is a need to establish PQS 
for these systems' users to ensure that proper training is 
obtained. 


ADP security is an integral and necessary part of the 
ADP system. With the advent of new non-tactical ADP systems 
on small surface ships, it is necessary to ensure that 
proper steps be taken to guarantee that appropriate measures 
are instituted for this type of security on the small ships. 
The recommendations established in this thesis will provide 
a foundation for what the author believes to be a usable 


requirements manual and organization hierarchy. 
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